It monitors reactor production and
radiation levels, gathers size, location
and other identifying and quantitative data
and periodically sends this data through one
of the backdoors through a maze of IPs
till it delivers said data to a repository.
( To be clear, it is a bot, they talk to each
other P2P. G )

And the production of that reactor
is tracked in detail, and reports same.

Now even if the worm/rootkit is cut
off from the web it still operates.

With its own artificial intelligence it
tracks the data and if given limits are
crossed (production of weapon grade
material), then the actions are tripped.

A big disaster would be if it caused
a Chernobyl, so it has been tested
and has paradigms to keep output
at safe levels. It will take over
an out of control hot reactor and shut
it down if need be.

But its main defense against violations
of the non-proliferation treaty is to
corrupt the material rendering it incapable
of further processing. Destroy the product
for weapons but safely.

It in no way will damage a system,
as it is capable of taking over a reactor
and running it. Any civilian collateral
damage would be catastrophic for
the policy.

But it can on its own stop the violation.
In the case of a nuclear member, it
can just watch, with no interference.
Its artificial Intelligence working to
id the location and identifying data.

Of the 30,000 or 300,000 computers
it has penetrated in Iran it only has
to survive on 'one' to pick up new
instructions and/or new infection
vectors to reinfect Iran's entire
network again.

How detailed and extensive is the
monitoring the worm does?
Here are some details. http://www.symantec.com/connect/blogs/exploring-stuxnet-s-plc-infection-process
Very extensive monitoring and
control abilities. Plus an artificial Intelligence.
If it loses contact.
If Iran isn't sure of 100% eradication
then they might want to leave it connected.
I would prefer real humans to artificial Intelligence
running a reactor any time.

But all this depends on Iran's regime.
And Iran's IT experts.
With a switch of payloads this could
go after the banks or power plants,
manufacturing, lots of options.

Iran may have been checkmated here.
This one was easy to find.
Are there other invisible persistent
rootkits also on those PCs?

But this shows that NSA is at the top of the Game world wide, and they learn from every attack on US systems. This deluxe combo relies on old stand-bys and cutting edge craft, and even 4 unknown zero day exploits. The data they have collected on this would fill several blogs already, and there is a lot more to reverse engineer.

There are Gov. guys out there that are buying unknown zero day exploits, I've talked to one. He was interested in our BSU's.

We are scanning for the application of the "Law of Unintended Consequence."

We may not see that until a counter strike.

One nice "LUC" may be the expulsion of Abberjonny as Iranian President from the discovery of Stuxnet. Some of the file names are very illuminating.

This surprised me, I knew it was possible, but didn't think NSA had the imagination, originality or Guts to do it. VERY IMPRESSIVE. True masters of their craft, on every level, well thought out Paradigm, GENIUS. This isn't the first one they've done, just the first discovered. And they may have meant for it to be found? (At this point, most common malware detection tools will detect this.)

"TEHRAN Times" NOT successful

TEHRAN - Iranian information technology officials have confirmed that some Iranian industrial systems have been targeted by a cyber attack, but added that Iranian engineers are capable of rooting out the problem.

And they found Stuxnet: Mahmoud Alyaie told Mehr that the Iranian industrial control systems are made by Siemens and the Stuxnet is designed to attack exactly these systems and transfer classified data abroad. An IT official of Iran's mines and metals ministry told the Mehr news agency that 30,000 computers belonging to industrial units have already been infected by the virus.

These guys are good and are tenacious.

But can they remove it and be sure?

What surprises await them.

Note they just discovered it, did not say they removed it. ISNA news agency, however, reported that the Iranian Atomic Organization held a seminar this week to improve the organization's cyberdata, especially against Stuxnet, and 'explore ways to remove it.' THEY HAVE NOT BEEN ABLE TO REMOVE IT, g

Target rich environment.

On September 22, Russia’s President Dmitry Medvedev signed a decree which bans deliveries of S-300 missile systems to Iran. Called “On Measures to Implement Resolution 1929 of June 9, 2010 of the UN Security Council,” the document prohibits any transit across Russia and the transfer to Iran of all types of combat tanks, armored personnel carriers, large-caliber artillery systems, warplanes, helicopter gunships, warships, missiles or missile systems as defined in the UN Register of Conventional Arms.

But it didn't ban cyber security services.

Hmmm.

Iran is considering replacing all 30,000 infected units. That is probably the best way to go. The Nuke program would be on hold for 2 yrs during the replacements. Or they can continue with USA watching everything in their nuke program. Iran's nuke program is an open book to NSA. This is why US has had such patience in negotiating with Iran. And how US has convinced Israel not to strike at Iran's nuke reactors. And note it took Ruskies to find it, the regime couldn't do it.

“new era of engagement” that is the trademark of Obama’s foreign policy. “Engagement” looks like this: Total Engagement... New def for "Total Engagement" ... tee hee G

Hats off to NSA. Salute.

Update: He also announced that a working group composed of representatives from the Communications and Information Technology Ministry, the Industries and Mines Ministry, and the Passive Defense Organization has been set up to find ways to combat the spyware. WELL IF IT'S ONLY THE REGIME'S EXPERTS WORKING ON THIS, IT WILL CONTINUE TO SPREAD. G

Communications and Information Technology Minister Reza Taqipour stated that Iranian engineers possess the expertise to create the required anti-virus software to clean the malware-infected systems. BUT THEY DIDN'T HAVE THE EXPERTISE TO FIND IT. g